Headline News
Go Back
2014-01-23

Healthcare.gov vulnerable to 'massive identity theft'

Special to the Courier

To ensure the safety and security of Americans' personal data, Science, Space, and Technology Committee Chairman Lamar Smith recently called on President Barack Obama to formally certify the safety and security of Healthcare.gov.
"When the Obama Administration launched Healthcare.gov, Americans were led to believe that the website was safe and secure. As we have learned, this was not the case," Smith noted in a statement issued Thursday, Jan. 16. "If Americans' information is not secure, then the theft of their identities is inevitable and dangerous."
To correct what he considers an increasing untenable situation for website users, Smith called for an "outside, independent audit" of Healthcare.gov. "The President should formally certify the safety requirements, security standards and privacy conditions of Healthcare.gov. Given the potential risks and dangers associated with Healthcare.gov today, the President should not let the American people be the next target of cyber criminals," Smith said.
In November, the Science Committee held a hearing that outlined the significant threat to Americans if hackers gained information through Healthcare.gov. Witnesses at last week's hearing reiterated the consequences of identity theft.
David Kennedy, a "white hat hacker" who testified in November, provided an update to committee members on his finding. He submitted a letter that was signed by seven other security researchers who independently reviewed his analysis of vulnerabilities.
According to one of the experts, Kevin Mitnick, who was once the world's most wanted hacker, a breach may result in "massive identity theft never seen before." As Mitnick explained, "It's shameful the team that built the Healthcare.gov site implemented minimal, if any, security best practices to mitigate the significant risk of a system compromise."
Several other recent events have raised concerns about the handling of the website. In December, a former senior security expert at the Centers for Medicare and Medicaid Services stated that she recommended against launching the Healthcare.gov website on Oct. 1 because of "high risk security concerns."
The data passing through the Healthcare.gov website is one of the largest collections of personal information ever assembled, linking information from seven different federal agencies along with state agencies and government contractors. A recent report by the credit bureau and consumer data tracking service "Experian" forecasts an increase in data breaches in 2014 - particularly in the healthcare industry.
Witnesses who testified before the subcommittee on Jan. 16 included David Kennedy, chief executive officer, TrustedSEC, LLC; Waylon Krush, co-founder and CEO, Lunarline, Inc.; Michael Gregg, chief executive officer, Superior Solutions, Inc.; and Dr. Lawrence Ponemon, chairman and founder, Ponemon Institute.
For additional information about the hearing, including witness testimony, visit the Science, Space, and Technology Committee website, http://science.house.gov/hearing/full-committee-hearing-healthcaregov-consequences-stolen-identity.